Trend Micro

Spread-prevention security minimizes damage following intrusion

Overview

Since the company’s establishment, Trend Micro has aimed to make a world safe for exchanging digital information by providing many innovative security solutions. As a result, it has engaged in initiatives, including the deployment of many of the latest technologies in the company’s own IT environment. The knowledge accumulated through being the first to apply Trend Micro security solutions has become a key component in proposals for new customers.

“Customers have a great interest in knowing what security measures security vendors themselves implement. Trend Micro publicizes its in-house initiatives. As a result, we feel that passing on the knowledge that we acquire to customers makes it possible to achieve stronger security and leads to reliability when adopting our solutions,” says Trend Micro’s Tsuyoshi Yamada.

Challenges

The company’s work on Virtual Desktop Infrastructure (VDI) is one of its recent initiatives in deploying its technologies in its own IT environment.

Trend Micro in Japan had been providing a VDI for management and sales personnel who frequently used PCs outside of the company. The existing system only allowed 150 users; however, the company is now constructing a new system which expands the range of use and allows 500 users. “For example, if the Support Department uses the VDI more actively than it does now, support services will be able to continue even in the event of a disaster etc., which will enable us to contribute to customer business continuance,” explains Trend Micro’s Yoshinobu Imaizumi.

Why Trend Micro

For construction of the new VDI, Trend Micro adopted VMware® vSphere and VMware® NSX as its virtualization and network virtualization platforms respectively.

These two platforms enable virtualization of the infrastructure itself. The use of VMware® Virtual SAN, which constructs virtual storage volumes from internal server disks, makes the purchase of high-end storage equipment unnecessary. Because VMware NSX virtualizes the functions of network equipment such as switches, routers, firewalls, and load balancers, network equipment can be downsized and there is no need to add unnecessary equipment, which leads to cost reductions.

Traditional physical equipment requires infrastructure to be constructed using command-line input and similar means. In contrast, once these platforms are deployed, servers, storage, and networks can be controlled through software, which reduces the workload for construction and settings configuration.

“VMware NSX, which is a technology that creates virtual networks and is currently expected to be used by a great number of enterprises, was of particular interest. We determined that it was essential for accomplishing our goal of actively adopting new technologies ahead of our customers,” says Yamada.

Trend Micro uses Trend Micro Deep Security Virtual Appliance (DSVA) in combination with the aforementioned technologies to strengthen VDI security. This is because combining VMware NSX and DSVA can achieve a more effective arrangement known as “micro-segmentation”.

Micro-segmentation differs from conventional measures which aim to prevent malware intrusion, and instead prevents the spread of damage after malware intrusion has occurred. “Due to worsening threats, completely preventing malware intrusion has been increasingly difficult. Damage minimization is a new way of thinking in terms of security, and it’s an area that Trend Micro is also focusing its efforts in. We felt that we should put this into practice in the VDI,” continues Imaizumi.

Solution

Using VMware NSX to virtualize the network allows the network to be segmented by the smallest unit – the virtual NIC. Micro-segmentation involves establishing a virtual firewall as the boundary of this minimal network segment.

The combination of this virtual firewall and DSVA enables automatic incident response. When DSVA detects malware in a virtual PC, it notifies VMware NSX; the virtual PC is then automatically isolated from the network via the virtual firewall, and its communication is cut off. It is also possible to automatically clean the malware and restore the virtual PC to the network.
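The detect, isolate, clean, and restore loop described above can be modelled in a few lines. This is an added illustrative model, not code from Trend Micro or VMware and not the NSX or Deep Security API; the tag name, group names, VM names, and port are assumptions chosen for the sketch.

```python
from dataclasses import dataclass, field
from typing import Optional

QUARANTINE = "quarantine"   # hypothetical security tag set on detection

@dataclass
class Rule:
    src: str                # group (tag) name, or "any"
    dst: str
    port: Optional[int]     # None matches every port
    allow: bool

@dataclass
class Fabric:
    rules: list                                  # top-down, first match wins
    tags: dict = field(default_factory=dict)     # VM name -> set of tags
    alerts: list = field(default_factory=list)

    def attach(self, vm, *tags):
        # A new virtual PC is covered by existing rules as soon as it is tagged.
        self.tags[vm] = set(tags)

    def _in_group(self, vm, group):
        return group == "any" or group in self.tags[vm]

    def permits(self, src, dst, port):
        # The check is made per vNIC, so desktop-to-desktop traffic is
        # filtered even when both virtual PCs share a subnet.
        for r in self.rules:
            if (self._in_group(src, r.src) and self._in_group(dst, r.dst)
                    and r.port in (None, port)):
                return r.allow
        return False        # default deny

    def on_malware_detected(self, vm, threat):
        # Isolation happens first; the administrator is told afterwards.
        self.tags[vm].add(QUARANTINE)
        self.alerts.append(f"{vm} already quarantined ({threat})")

    def on_cleaned(self, vm):
        self.tags[vm].discard(QUARANTINE)
        self.alerts.append(f"{vm} cleaned and restored")

def build_demo():
    # Constructed sample environment: two virtual desktops and one file server.
    fabric = Fabric(rules=[
        Rule(QUARANTINE, "any", None, False),   # nothing leaves a quarantined vNIC
        Rule("any", QUARANTINE, None, False),   # nothing reaches it either
        Rule("desktop", "fileserver", 445, True),
    ])
    fabric.attach("vdi-01", "desktop")
    fabric.attach("vdi-02", "desktop")
    fabric.attach("fs-01", "fileserver")
    return fabric
```

Because the quarantine rules sit above the baseline rule, tagging one virtual PC cuts only that vNIC off while the other desktops keep their access.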

“After a malware intrusion, the initial response is important for keeping the spread of damage at a minimum - there are limitations in a human-based response in which the situation is verified after the user escalates the PC infection to administrators, and the PC is then manually isolated and cleaned. With an automated response through micro-segmentation, the escalation to the administrator is in the form of an alert which communicates that a PC has already been quarantined. Achieving a swift and accurate first response enables damage to be kept to a minimum,” explains Yamada.

Results

The new VDI built from VMware vSphere, VMware NSX, and DSVA is not only secured through micro-segmentation, it also provides excellent results in terms of stability and performance. “There has been virtually no trouble, and evaluations show that system response is better than before.” Simplified operation has been another great result.

As already noted, virtualizing the infrastructure itself decreases the workload for construction and settings modification; it has also made security configuration more efficient.

“The use of DSVA allows security settings to be automatically applied when creating a virtual PC. What’s more, with micro-segmentation, once the firewall settings are configured for the first time, they are then automatically applied subsequently. This makes us feel that PCs are instantly usable once connected,” explains Imaizumi. If it is necessary to change the firewall settings for separate virtual PCs, batch configuration of virtual firewall settings for particular groups is also possible through VMware NSX.

Trend Micro has been able to obtain a wealth of knowledge through this initiative. “Utilizing the solution from a user perspective, for example, designing resources for the purpose of extracting the optimum performance, gives us great insights,” emphasizes Yamada. Trend Micro firmly believes that this experience will not only lead to further evolution of products and services in the future, it will also protect customer businesses.